My server has been the target of hackers 3 times in the last month, and the attacks seem to follow the same pattern. They attack another site from my server using a UDP connection. The report from my ...

Since last week I have been seeing something fishy and it seems to be worsening. I tried many firewalls and they seem to be useless. I blocked all unwanted ports and only a few ports are open, so I found ...

When I began my career in network security, almost a decade back, the industry standard was stateful firewalls that even had the ability to inspect some application layer protocols. I had only heard ...

Well, I was building a new server and input some iptables rules there. I set up postfix and sent myself an email to try it out; to my surprise, the email arrived perfectly without me declaring a rule for the ...

I followed this tutorial (http://elinux.org/RPI-Wireless-Hotspot) for a WiFi hotspot in the guesthouse. This is working fine, but every device on the WiFi network can reach any LAN device in the LAN ...

I have been seeing a few rules with -m state --state NEW, ESTABLISHED, RELATED. First I thought that was pointless as it was contemplating the three possible states, so there was no need to define -m ...

Last thing we want to do is provoke an attacker and offer them challenges or puzzles indirectly to give them a flag to stay and continue to hack rather than move on to other hosts. If possible, I do ...

So far I've always been logging the INPUT and OUTPUT chains because I only used iptables as host firewall.
Now I'm configuring a network firewall which uses iptables, but I don't know whether I should ...

While reading about the NOTRACK target of the raw table in iptables, I encountered an article suggesting that for certain traffic you could (or even should) disable connection tracking. The two examples were: ...

I am using the following iptables rules for port knocking. Everything works well, but it opens the port for just a second and then closes it. So how can I improve this script to accept connection for a 30 ...

Recently, one of my client-server applications started to disturb me with some very annoying "notifications". Basically, what happens is that the remote server sends a few packets to my client, which ...

I am trying to figure out how it was compromised. They installed IptabLes and IptabLex in /boot.
They also added /etc/init.d/IptabLes and /etc/init.d/IptabLex which simply call the respective /boot ...

I've got a Kali Linux box I use for pen testing.
I would like to configure my machine to DROP incoming packets, but only when I'm not listening on them.
e.g. if I run a netcat listener on port 80, I ...

I have seen some suspicious outbound communications blocked on my VPS, which hosts a small experimental Web site, and want to find out which application is making the attempt. The server is running ...

I am not sure about that. It should run in kernel mode in order to keep some user-mode program from killing/suspending the firewall and doing its dirty job.
The malware would not be able to kill the firewall ...

I am trying to get my machines to be forced through a MiTM and the MiTM to redirect them to a server of my choice (which happens to be the MiTM on port 17002).
I am running iptables:
sudo iptables -t ...

I have a home-made web application and thought that an easy way to secure its administration interface would be to simply reject all IPs that aren't from 192.168... Is this viable? Is it possible for ...

Our office network bandwidth gets choked when an employee copies a large file into her Dropbox, since it gets downloaded on several machines (of other employees).
LAN Sync is an option, but needs to ...

I have a dual PC setup. Two PCs are networked together via crossover cable. The Windows PC is running Windows 7 SP1 64-bit and the Linux PC is running Slackware 14 64-bit with iptables.
My firewall ...

Recently I learned about the difference between DROP and REJECT in a firewall.
I understand that REJECT is better because it closes the connection immediately instead of waiting for timeout as DROP ...

I have a server on my DMZ which relays syslog and OcsInventory messages to a server on a VLAN for logging servers.
In order to allow the packets to go through I must allow port 80 (OcsInventory) and ...

I have been advised that mixing firewall rules that are both stateful and stateless can lead to trouble when it comes to troubleshooting. Is there any truth in this?
Take the following two rule sets ...

In a wireless ad-hoc network, I have two computers which communicate in UDP together from 192.168.1.3 to 192.168.1.5.
I have a third computer (192.168.1.6) which wants to listen to the packets which ...

During a pentest I found a way to add arbitrary iptables firewall rules to a server. These rules get applied by way of the iptables-restore command, and I've been wondering whether there is any way to ...